|
151
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposed Keycloak management
service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug
information such as metrics and
health data. This issue affects Sym…
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-33584
|
2026-05-15 02:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
3.8 |
LOW
Physics
|
-
|
-
|
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.…
New
|
CWE-233
Improper Handling of Parameters
|
CVE-2026-33585
|
2026-05-15 02:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
9.1 |
CRITICAL
Network
|
-
|
-
|
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to…
New
|
CWE-287
CWE-326
CWE-1391
Improper Authentication
Inadequate Encryption Strength
Use of Weak Credentials
|
CVE-2026-44351
|
2026-05-15 02:19 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
9.0 |
CRITICAL
Network
|
-
|
-
|
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulner…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42457
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
8.8 |
HIGH
Network
|
-
|
-
|
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not vali…
New
|
CWE-346
CWE-350
Origin Validation Error
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-42559
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
- |
|
-
|
-
|
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42463
|
2026-05-15 02:18 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication fa…
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-44195
|
2026-05-15 02:18 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
7.8 |
HIGH
Local
|
-
|
-
|
gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink int…
New
|
CWE-59
Link Following
|
CVE-2026-44471
|
2026-05-15 02:18 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
- |
|
-
|
-
|
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking…
New
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-42186
|
2026-05-15 02:18 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-3258. Reason: This candidate is a reservation duplicate of CVE-2026-3258. Notes: All CVE users should reference CV…
New
|
-
|
CVE-2026-7805
|
2026-05-15 02:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
